GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
15 advisories
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
Moderate
CVE-2025-53092
was published
for
@strapi/core
(npm)
Oct 16, 2025
Strapi Allows Unauthorized Access to Private Fields via parms.lookup
High
CVE-2024-56143
was published
for
@strapi/core
(npm)
Oct 16, 2025
Strapi allows Server-Side Request Forgery in Webhook function
Moderate
CVE-2024-52588
was published
for
@strapi/admin
(npm)
May 27, 2025
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Moderate
CVE-2024-31217
was published
for
@strapi/plugin-upload
(npm)
Jun 12, 2024
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Low
CVE-2024-29181
was published
for
@strapi/plugin-content-manager
(npm)
Jun 12, 2024
Unauthorized Access to Private Fields in User Registration API
High
CVE-2023-39345
was published
for
@strapi/plugin-users-permissions
(npm)
Nov 3, 2023
Strapi Improper Rate Limiting vulnerability
High
CVE-2023-38507
was published
for
@strapi/admin
(npm)
Sep 13, 2023
Strapi's field level permissions not being respected in relationship title
Moderate
CVE-2023-37263
was published
for
@strapi/plugin-content-manager
(npm)
Sep 13, 2023
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
Moderate
CVE-2023-36472
was published
for
@strapi/admin
(npm)
Sep 13, 2023
Leaking sensitive user information still possible by filtering on private with prefix fields
High
CVE-2023-34235
was published
for
@strapi/database
(npm)
Jul 25, 2023
Making all attributes on a content-type public without noticing it
Moderate
CVE-2023-34093
was published
for
@strapi/database
(npm)
Jul 25, 2023
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Critical
CVE-2023-22621
was published
for
@strapi/plugin-email
(npm)
Apr 19, 2023
Strapi leaking sensitive user information by filtering on private fields
High
CVE-2023-22894
was published
for
@strapi/strapi
(npm)
Apr 19, 2023
Authentication Bypass in @strapi/plugin-users-permissions
High
GHSA-xv3q-jrmm-4fxv
was published
for
@strapi/plugin-users-permissions
(npm)
Apr 18, 2023
ProTip!
Advisories are also available from the
GraphQL API